CVE-2003-0795 Information

Description

The vty layer in Quagga before 0.96.4 and Zebra 0.93b and earlier does not verify that sub-negotiation is taking place when processing the SE marker which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port which may trigger a null dereference.

Reference

http://marc.info/?l=bugtraq&m=106883387304266&w=2 http://secunia.com/advisories/10563 http://www.debian.org/security/2004/dsa-415 http://www.redhat.com/support/errata/RHSA-2003-305.html http://www.redhat.com/support/errata/RHSA-2003-307.html